Suchergebnisse

Over-the-air (OTA) update is a method for vehicle manufacturers to remotely distribute maintenance updates, performance, and feature enhancements through the vehicle's lifespan. Recalls of vehicles cost the manufactures a lot of money. OTA solves the recall issue, while allowing consumers to pay for services and features via an update. The OTA ecosystem includes the coders who first developed the firmware, the 1st Tier suppliers, the vehicle manufacturers, and the vehicle itself. Currently, manufacturers designed the networks for speed and responsiveness, and not security. This article examines these elements and drills into the security available for each. The slowest and one of the most vulnerable parts of the system is the communications within the vehicle. The vehicle networks must ensure the integrity and authenticity of messages transmitted to guarantee software programmed onto ECUs are authorized and tamper-free. Specialist hardware within the vehicle makes this possible in an operation environment, such as hardware security modules.

The cyber threat to industrial control systems is an acknowledged security issue, but a qualified dataset to quantify the risk remains largely unavailable. Senior executives of facilities that operate these systems face competing requirements for investment budgets, but without an understanding of the nature of the threat, cyber security may not be a high priority. Education and awareness campaigns are established methods of raising the profile of security issues with stakeholders, but traditional techniques typically deliver generic messages to wide audiences, rather than tailoring the communications to those who understand the impact of organisational risks. This paper explores the use of experiential learning through serious games for senior executives, to develop mental models within which participants can frame the nature of the threat, thereby raising their cyber security awareness, and increasing their motivation to address the issue.

Cyber-threats are one of the most significant problems faced by modern Industrial Control Systems (ICS), such as SCADA (Supervisory Control and Data Acquisition) systems, as the vulnerabilities of ICS technology become serious threats that can ultimately compromise human lives. This situation demands a domain-specific approach to cyber threat detection within ICS, which is one of the most important contributions of the CockpitCI FP7 project (http://CockpitCI.eu). Specifically, this paper will present the CockpitCI distributed Intrusion Detection System (IDS) for ICS, which provides its core cyber-detection and analysis capabilities, also including a description of its components, in terms of role, operation, integration, and remote management. Moreover, it will also introduce and describe new domain-specific solutions for ICS security such as the SCADA Honeypot and the Shadow Security Unit, which are part of the CockcpitCI IDS framework.